New issue
Advanced search Search tips

Issue 865268 link

Starred by 2 users

Issue metadata

Status: Verified
Owner: ----
Closed: Jul 19
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Null-dereference READ in viz::mojom::blink::CompositorFrameSinkProxy::DidDeleteSharedBitmap

Project Member Reported by ClusterFuzz, Jul 19

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5050245336268800

Fuzzer: inferno_canvas_wrecker
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  viz::mojom::blink::CompositorFrameSinkProxy::DidDeleteSharedBitmap
  blink::VideoFrameSubmitter::DidDeleteSharedBitmap
  media::VideoResourceUpdater::SoftwarePlaneResource::`scalar deleting destructor'
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5050245336268800

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jul 19

Labels: Fuzz-Blocker ReleaseBlock-Beta M-69
This crash occurs very frequently on mac platform and is likely preventing the fuzzer inferno_canvas_wrecker from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Project Member

Comment 2 by ClusterFuzz, Jul 19

ClusterFuzz has detected this issue as fixed in range 576367:576370.

Detailed report: https://clusterfuzz.com/testcase?key=5050245336268800

Fuzzer: inferno_canvas_wrecker
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  viz::mojom::blink::CompositorFrameSinkProxy::DidDeleteSharedBitmap
  blink::VideoFrameSubmitter::DidDeleteSharedBitmap
  media::VideoResourceUpdater::SoftwarePlaneResource::`scalar deleting destructor'
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=576367:576370

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5050245336268800

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Jul 19

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5050245336268800 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Labels: Merge-TBD
[Auto-generated comment by a script] We noticed that this issue is targeted for M-69; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-69 label, otherwise remove Merge-TBD label. Thanks.
Labels: -Merge-TBD
M69 branch #3497, branched at chromium revision #576753. No merge is needed.

Sign in to add a comment